In computing, phishing is the process of attempting to acquire sensitive information such as usernames, passwords, and financial information (e.g., credit card details) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from financial institutions (e.g., online banks) are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a website (e.g., at a login page).
Most methods of phishing use some form of technical deception designed to make a link in an email and the corresponding phishing website that the link leads to appear to belong to an organization's official website. Misspelled Uniform Resource Locators (URLs) or the use of subdomains are common techniques used by phishers. For example, with respect to the URL “http://www.mybank.example.com”, it appears as though the URL will take you to the example section of the mybank website. Instead, however, this URL points to the “mybank” (i.e., phishing) section of the example website.
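As an added example (not part of the original text), the check below extracts the registrable domain from a URL so that the "subdomain" trick described above is exposed: for `http://www.mybank.example.com` the owner-controlled domain is `example.com`, not `mybank.com`. The multi-label suffix set is a constructed stand-in for the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List
# (publicsuffix.org); a production check would load the real list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}


def registrable_domain(url: str) -> str:
    """Return the registrable domain of a URL's host, i.e. the part the
    site owner actually controls. urlsplit().hostname already discards
    any user-info ("brand@") prefix and the port, so those tricks fall away."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # Two-label public suffixes need three labels to name an owner.
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_mismatch(url: str, expected_domain: str) -> bool:
    """True when the URL is not under the brand's own domain, however
    prominently the brand name appears in the hostname or path."""
    return registrable_domain(url) != expected_domain.lower()


def flag_links(links, expected_domain: str):
    """Return the links from a message whose registrable domain is not
    the brand's own; these deserve a warning before the user clicks."""
    return [u for u in links if brand_mismatch(u, expected_domain)]


if __name__ == "__main__":
    # Constructed sample links as they might appear in an e-mail body.
    sample = [
        "https://www.mybank.com/login",              # genuine
        "http://www.mybank.example.com/login",       # page's example
        "http://www.mybank.com@example.com/login",   # user-info trick
        "https://mybank.example.co.uk/secure",       # two-label suffix
    ]
    for link in flag_links(sample, "mybank.com"):
        print(f"suspicious: {link} -> {registrable_domain(link)}")
```

The same check can be applied at an e-mail gateway or in a mail client to annotate links whose visible brand name disagrees with the domain that will actually be contacted.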
Several problems arise with respect to links in email messages. Users are usually unaware of the legitimacy of the underlying URLs in a link in an email message. Also, it is typically difficult for people to visually differentiate between a phishing website (e.g., login page that is really used to capture someone's username and password) and an official website.